Today, Congresswoman Maxine Waters (D-CA), the top Democrat on the House Financial Services Committee, sent a letter to the Chief Executive Officers of leading U.S. financial institutions, including JPMorgan Chase, Citigroup, Bank of America, Morgan Stanley, Wells Fargo, and Goldman Sachs, demanding an immediate briefing on how they are addressing newly discovered cybersecurity vulnerabilities linked to advanced artificial intelligence.

The letter follows Anthropic’s announcement of “Claude Mythos Preview,” an “extremely autonomous” artificial intelligence model capable of carrying out sophisticated computer security and coding tasks. According to Anthropic, the system has already identified thousands of high-severity vulnerabilities across major operating systems and web browsers, with the company warning that exploitation of these flaws could pose severe risks to the economy, public safety, and national security.

In the letter, Ranking Member Waters raises concerns about the growing cybersecurity and financial stability risks posed by increasingly powerful AI systems, as well as a troubling lack of engagement and transparency from major Wall Street institutions.

“I am deeply concerned that the Committee has not been briefed by your banks on how you are confronting the heightened risks of cybersecurity vulnerabilities identified by Mythos, and your efforts to ensure your institutions operate in a safe and sound manner, protect consumers, and mitigate your risks to U.S. financial stability,” wrote Ranking Member Waters. “Bank CEOs’ lack of engagement, as these developments come to light, impairs the Committee’s ability to protect the public and the financial system as we know it from novel and existential AI risks.”

In closing, Ranking Member Waters requests that the banks provide Democratic staff of the House Financial Services Committee with a comprehensive briefing and written responses to a series of questions regarding cybersecurity preparedness, regulatory gaps, internal AI risk-management frameworks, federal coordination protocols, and vulnerability disclosure procedures no later than July 3, 2026.

See the letter HERE.

###